Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.

Adobe has published security bulletins for Adobe RoboHelp (APSB17-25), Adobe Flash Player (APSB17-28) and ColdFusion (APSB17-30). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

The Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.

The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223. This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.

At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.

Adobe has published security bulletins for Adobe Flash Player (APSB17-21) and Adobe Connect (APSB17-22). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe has published security bulletins for Adobe Flash Player (APSB17-15) and Adobe Experience Manager Forms (APSB17-16). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe has published a Security Bulletin (APSB17-14) announcing the availability of hotfixes for ColdFusion versions 2016, 11 and 10. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066). Adobe recommends customers apply the relevant hotfix to their product installation using the instructions referenced in the security bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.